Are there standard interfaces that allow plug and play of different crypto
modules (Hardwares, crypto softwares, etc - basically CSPs)?
Also, I am looking for an answer for this question : Is OpenSSL integrated
with directory (LDAP) services like getting the
CRLs, Certificates, etc from a directory?
I am a newbie to OpenSSL and would really appreciate your input on this.
Thanks,
Ranga.
----- Original Message -----
From: "Steven A. Bade" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, March 15, 2001 11:20 AM
Subject: Re: Crypto Hardwares and LDAP Support
> On Thu, Mar 15, 2001 at 10:43:54AM -0500, Ranga wrote:
> > Hi,
> >
> > I am trying to find out if OpenSSL supports CryptoHardwares that perform
cryptographic operations, stores private keys etc
> >
> > like IBM 4758? Can different CSPs (Cryptographic Service Providers) plug
and play into OpenSSL?
> >
>
> At this time there is no support for the IBM 4758 card.... It is
possible,
> however there are some issues with dealing with the key storage and
> key representations. I've been toying with actualy working on enabling
> openSSL to use PKCS#11 hardware tokens to be able to access other crypto
> hardware besides the 4758 (which supports PKCS#11)... PKCS#11 is NOT
necessarily
> the best API, but it is commonly offered by Crypto hardware vendors....
>
> My initial take would be to create an engine architecture module, which
would
> have to do some things with managing the keys etc, taking them from
> the openSSL calls and caching them as PKCS#11 objects, the first time that
> a key was used would incur the overhead of creating the object, but
subsequent
> uses of the same key would only have to do the PKCS#11 calls...
>
> > Next question is : Is OpenSSL integrated with directory (LDAP) services
like getting the CRLs, Certificates, etc from a directory?
> >
> > Would appreciate any kind of input on the above two issues.
> >
> > Thanks,
> >
> > Ranga.
> >
>
> --
> Steven A. Bade
> AIX E-Commerce/Network Security Cryptographic Strategy and Development
Architecture
> [EMAIL PROTECTED]
> T/L 678-4799
> (512)-838-4799
>
> --
> To convert from Hogsheads to Cubic Feet - Multiply by 8.4219
>
> "Two-way communication is necessary to proactively facilitate acceptance
> and involvement and to get insights about the journey it takes to get
where
> we want"
>
>
> ______________________________________________________________________
> OpenSSL Project http://www.openssl.org
> User Support Mailing List [EMAIL PROTECTED]
> Automated List Manager [EMAIL PROTECTED]
>
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
